RE: [squid-users] Apple Computers jam my NTLM Helpers. from Jonathan Chretien on 2008-06-17 (squid-users)

From: Jonathan Chretien <jonathan_chretien_at_hotmail.com>
Date: Tue, 17 Jun 2008 13:07:31 -0400

Hello Henrik.

So you believe that the problem is not related to Squid but related with the apple computer ?

The thing that I don't understand is that inside a Apple computer, it's a Linux operating system. Linux is able to talk NTLM language.

If it's related with Squid, is it only a refresh problem of Squid or the Helper is really use by Squid ? The helpers are jammed, but the Mac computer is able to surf on the internet without problem.

I did a test with an Apple computer and when I open Safari, for exemple, to surf on the internet, I get 4-5 helper that are jammed, but even if these helpers are jammed, my authentication is done and I'm able to surf on the internet. In my Access.log, I see the username of the personne with a TCP_HIT, MISS or ... but no Denied. No error message in my Cache.log but get error when my Squid crash because all process are busy.

It's the reason why on my side, I think that the problem is related with ntlm_auth from Samba that is not able to release it after the Apple computer did his authentication.

There is a new update of Samba-common available to install. I will probably do it soon, but there is nothing in the log indicating a problem with the ntlm_auth module and it's not the first time that I update my Squid server and have a samba-common to install and the problem is still there.

If someone else has an idea, solution, give me your solution or test.

Thanks.

Jonathan

> Subject: RE: [squid-users] Apple Computers jam my NTLM Helpers.
> From: henrik_at_henriknordstrom.net
> To: jonathan_chretien_at_hotmail.com
> CC: mps_at_utas.edu.au; squid-users_at_squid-cache.org
> Date: Fri, 6 Jun 2008 23:37:41 +0200
>
> On tor, 2008-06-05 at 20:10 -0400, Jonathan Chretien wrote:
>
>> It's very strange. I really don't know if it's a Mac problem or if it's a problem with the Helper that has difficulty to talk with Mac Computers.
>
> Shoule be easy to see with a wireshark capture of the traffic. Each new
> connection starting an NTLM handshake reserves a helper until the
> authentication completes or the connection is closed.
>
> My guess on what happens is that the client opens a connection, sends
> the initial negotiate blob, and gets the challenge from the helper and
> then just sits there doing nothing with the connection, when it's
> expected to send an authentication blob (final NTLM packet)
>
> Regards
> Henrik
>
>
>

_________________________________________________________________
Received on Tue Jun 17 2008 - 17:07:43 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 17 2008 - 12:00:03 MDT